Seems like it can already be enabled through about:config.
Problem with that, however, is that about:config-access is disabled on the official Firefox Stable build. You could switch to e.g. Fennec or Mull or Firefox Beta/Nightly (which I install through FFUpdater).
Then in about:config, I think, you just have to set “network.trr.mode” to either 2 (try DoH first, but fall back when something can’t be resolved) or 3 (exclusively use DoH). You can read more about that here: https://wiki.mozilla.org/Trusted_Recursive_Resolver
That makes DNS show up as secure for me on https://www.cloudflare.com/ssl/encrypted-sni/
I don’t get the “Encrypted SNI” green, though.
That seems to be getting replaced, though: https://blog.mozilla.org/security/2021/01/07/encrypted-client-hello-the-future-of-esni-in-firefox/
Enabling ECH didn’t make the ESNI checkbox green for me, but I’m guessing that’s not actually supposed to be a drop-in replacement.Thank you.
You can set it through
about:config
(only available on Beta and Nightly, Stable for some reason blocks access toabout:config
)network.trr.mode
= 3network.trr.uri
= your DoH serverI use the stable version
Thank you